1. Field
The present invention relates generally to digital content protection in computer and consumer electronics systems and, more specifically, to protecting function calls between program modules.
2. Description
The personal computer (PC) platform is an open and accessible computer architecture. However, the openness of the PC means that it is a fundamentally insecure computing platform. Both the hardware and software can be accessed for observation and modification. This openness allows malicious users and programs to observe and to modify executing code, perhaps with the aid of software tools such as debuggers and system diagnostic tools. Despite these risks, there are classes of operations that must be performed securely on the fundamentally insecure PC platform. These are applications where the basic integrity of the operation must be assumed, or at least verified, to be reliable. Examples of such operations include financial transactions and other electronic commerce, unattended access authorization, and digital content management.
For content providers, countering the threat of digital piracy on the PC requires new software that is resistant to attacks by a malicious user. In this scenario, the malicious user may wish to tamper with or replace particular components of the software in order to gain unauthorized access to digital content or to make unauthorized reproductions. A cryptosystem based on cryptographic methods employed in conjunction with the software may be used to help protect the content owner's rights. Content may be encrypted to provide some measure of protection, but the software accessing the decrypted content during playback is still vulnerable to attack.
Digital content is usually accessed by a player application running on the PC or other electronic device. Players are typically not designed with security in mind. In one example using the Windows operating system (OS), commercially available from Microsoft Corporation, a player may make one or more calls to services provided by the OS during its operation. A loader function in the OS is used to load the player code into memory, and unresolved references to OS services may be resolved (i.e., bound) at a relatively late stage. Although the integrity of the player may be protected by various known security measures, in some cases the calls that the player makes to OS services may be observed by a malicious user. In fact, these service calls may be susceptible to a “man-in-the-middle” attack.
Although known techniques may generally provide an adequate level of security, improvements can still be made to further secure software and stay one step ahead of digital content pirates. What is needed is a method that will allow a player or other application program on the fundamentally insecure, open PC to call OS services in a way that makes those calls very difficult to observe or modify.